Get the lowest-cost and the best server colocation service in the business. Learn more.
Information Technology News.

Cisco to ship networking gear to vacant addresses to circumvent the NSA

Share on Twitter.

Get the most reliable SMTP service for your business. You wished you got it sooner!

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

March 19, 2015

Cisco security chief John Stewart said this morning that the networking equipment maker will start shipping its network gear to vacant addresses, in an effort to circumvent the NSA's secret spying initiatives.

The so-called dead drop shipments will help to neutralize an Edward Snowden revealed operation whereby the U.S. federal agency would intercept networking gear and install various backdoors in them before the equipment reached customers.

The interception campaign was first revealed in May 2014. Speaking at a Cisco Live press panel in Melbourne today, Stewart says Cisco will ship with fake identities and vacant addresses for its most sensitive customers, in cases suspected that the NSA could be involved.

"We ship networking equipment to an address that's has nothing to do with the customer, and then you have no idea who ultimately it is going to," Stewart says.

"When customers are truly worried, it causes other issues to make interception more difficult in that federal agencies don't quite know where that router or switch is going so its very hard to target. You'd then have to target all of them or none at all. There is always going to be inherent risk," he added.

Stewart added that some customers drive up to a distributor and pick up hardware at the door. He says nothing could guarantee protection against the NSA, however.

"If you had a machine in an airtight area, I stop the controls by which I mitigate risk when I ship it," he says, adding that hardware technologies can make malicious tampering "incredibly difficult".

Cisco has poked around its routers for possible spy chips, but to date hasn't found anything because it necessarily doesn't know what NSA taps may look like, according to Stewart.

After the hacking campaign, Cisco CEO John Chambers wrote a letter to U.S. President Barack Obama saying NSA's spying would undermine the global technology industry.

Fellow panelist Mike Burgess, chief security officer for Australia's dominant telco Telstra, says the telecom provider is confident it will be able to secure the swelling pools of data the nation's government will force it to collect under soon-to-be-enacted data retention laws.

The former officer with Australia's agency of the Defence Signals Directorate said the swelling data pools will turn companies into honeypots for hackers, and staff with access to the databases as prime targets for various phishing campaigns.

He was unsure how much data retention will cost the telco, but insisted that it will impose a monetary overhead and rejected claims it can be covered without much expense under existing security controls.

The impending cost overheads prompted telcos to write to Federal Attorney General George Brandis and Communications Minister Malcolm Turnbull requested some government input.

Stewart points out that various hacking groups are likely with sufficient time and effort to be successful at targeting systems such as data retention databases.

"If a truly dedicated team is coming after you for a very long period of time, then the probability of them succeeding goes up fast," he says.

Telecom service providers should not focus on the financial cost of protecting those databases and instead ensure that acceptable risk levels are met, he says.

Source: Cisco.

Get the most dependable SMTP server for your company. You will congratulate yourself!

Share on Twitter.

IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

All logos, trade marks or service marks on this site are the property of their respective owners.

Sponsored by Sure Mail™, Avantex and
by Montreal Server Colocation.

       © IT Direction. All rights reserved.